Default account policies
WebSphere Commerce provides two default account policies: Administrators and Shoppers.
Administrators account policy
This policy is the default account policy for administrators. This policy defines the default account lockout policy and default password policy.The default account lockout policy contains the following attributes:
| Attribute | Default value |
|---|---|
| Account lockout
threshold Note: Account
lockout does not work with LDAP enabled. |
3 attempts |
| Consecutive unsuccessful login delay | 20 seconds |
The default password policy contains the following attributes:
| Attribute | Default value |
|---|---|
| Whether the user ID and password can match | N (no, they cannot match) |
| Maximum occurrence of consecutive characters | 3 characters |
| Maximum instances of any character | 4 instances |
| Maximum lifetime of the passwords | 90 days |
| Minimum number of alphabetic characters | 1 alphabetic character |
| Minimum number of numeric characters | 1 numeric character |
| Minimum length of password | 8 character |
| Number of previous passwords to check against when the user selects a new password | 4 passwords |
wcsadmin administrator user that is shipped with WebSphere Commerce is assigned the Administrators policy. Shoppers account policy
This policy is the default account policy for customers who shop on your store. This policy contains the default account lockout policy and default password policy for your customers.The default account lockout policy for customers contains the following default attributes:
| Attribute | Default value |
|---|---|
| Account lockout
threshold Note: Account
lockout does not work with LDAP enabled. |
6 attempts |
| Consecutive unsuccessful login delay | 10 seconds |
The default password policy for customers contains the following default attributes:
| Attribute | Default value |
|---|---|
| Whether the user ID and password can match | N (no, they cannot match) |
| Maximum occurrence of consecutive characters 1 | 3 characters |
| Maximum instances of any character | 4 instances |
| Maximum lifetime of the passwords | 180 days |
| Minimum number of alphabetic characters | 1 alphabetic character |
| Minimum number of numeric characters | 1 numeric character |
| Minimum length of password | 6 characters |
| Number of previous passwords to check against when the user selects a new password | 1 password |
1 For example, a password of 123xyXYZ is valid, but a password of 1234xyXYZ is not since "1234" is more than three consecutive characters.
Customers that complete self-registration are assigned the Shoppers policy.